# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

## [Unreleased]

## [0.4.0] - 2026-01-08

### Added

- **Foreign DID proxying** via `atproto-proxy` header
  - `parseAtprotoProxyHeader()` parses `did:web:api.bsky.app#bsky_appview` format
  - `getKnownServiceUrl()` maps known service DIDs to URLs
  - `proxyToService()` generic proxy utility with header forwarding
  - Repo endpoints (getRecord, listRecords, describeRepo) support explicit proxying
  - Returns appropriate errors for malformed headers or unknown services
- Unit tests for proxy utilities
- E2E tests for foreign DID proxying behavior

### Changed

- Refactored `handleAppViewProxy` to use shared `proxyToService` utility

## [0.3.0] - 2026-01-08

### Added

- **Granular OAuth scope enforcement** on repo and blob endpoints
  - `parseRepoScope()` parses `repo:collection?action=create&action=update` format
  - `parseBlobScope()` parses `blob:image/*` format with MIME wildcards
  - `ScopePermissions` class for checking repo/blob permissions
  - Enforced on createRecord, putRecord, deleteRecord, applyWrites, uploadBlob
- **Consent page permissions table** displaying scopes in human-readable format
  - Identity-only: "wants to uniquely identify you" message
  - Granular scopes: Table with Collection + Create/Update/Delete columns
  - Full access: Warning banner for `transition:generic`
- `parseScopesForDisplay()` helper for consent page rendering
- E2E tests for scope enforcement and consent page display

## [0.2.0] - 2026-01-07

### Added

- **OAuth 2.0 authorization server** with full AT Protocol support
  - Discovery endpoints (AS metadata, protected resource, JWKS)
  - Pushed Authorization Requests (PAR)
  - Authorization endpoint with dark-themed consent UI
  - Token endpoint (authorization_code + refresh_token grants)
  - Token revocation (RFC 7009)
  - DPoP proof validation and token binding
  - PKCE with S256 code challenge
  - Client metadata fetching and validation
  - Loopback client support for development
- DPoP JTI tracking to prevent replay attacks
- Comprehensive OAuth e2e tests

### Changed

- **BREAKING:** Normalized SQL schema to snake_case convention
  - Tables: `blob` → `blobs`, `record_blob` → `record_blobs`
  - Columns: `mimeType` → `mime_type`, `createdAt` → `created_at`, `blobCid` → `blob_cid`, `recordUri` → `record_uri`
  - Existing Durable Objects require storage reset
- Consolidated error responses to use `errorResponse` helper
- Moved OAuth types to TYPES & CONSTANTS section

## [0.1.0] - 2025-01-07

Initial experimental release.

### Added

- **Repo operations:** createRecord, getRecord, putRecord, deleteRecord, applyWrites, listRecords
- **Sync endpoints:** getRepo (CAR export), subscribeRepos (WebSocket firehose), getLatestCommit
- **Authentication:** createSession, getSession, refreshSession with JWT tokens
- **Blob storage:** uploadBlob, getBlob, listBlobs with R2 backend
  - MIME type sniffing (JPEG, PNG, GIF, WebP, MP4, AVIF, HEIC)
  - Automatic orphaned blob cleanup via DO alarms
  - Blob-record association tracking
- **Identity:** Handle resolution, PLC directory registration
- **Federation:** Relay notification (requestCrawl), AppView proxy for app.bsky.* endpoints
- **Infrastructure:**
  - Merkle Search Tree (MST) for repo structure
  - DAG-CBOR encoding with CID generation
  - P-256 ECDSA signing via Web Crypto
  - TypeScript checking via JSDoc annotations
  - Setup script for key generation and PLC registration